The malicious app that facilitates the infection is called StealthBit, which installs browser extensions in Safari and Google Chrome on infected systems and looks for Bitcoin-related login credentials. When found, the malware sends the information bad to the criminals’ remote server.

That pilfered data also includes usernames and UUIDs (unique identifiers) attached to the infected Mac as well as whether there are any Bitcoin-related applications installed on the system.